Things are getting worse for Mark Zuckerberg as he faces the latest Facebook data breach.
Last Friday, Facebook forced millions of users to log back in to the social networking site after resetting their access tokens in response to a security breach it had detected in its systems. According to the company, attackers exploited a vulnerability in its code to obtain the access tokens of about 50 million accounts.
In a statement released by the company, Facebook said the attack was discovered on September 25th. While the investigation is still ongoing, Facebook's VP of Product Management Guy Rosen explained that the exploited vulnerability lay in the code behind the site's 'View As' feature.
“This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook, so they don’t need to re-enter their password every time they use the app,” Rosen said in a blog post.
Facebook has already fixed the vulnerability and has informed law enforcement about the matter. The 'View As' feature, which lets people see what their own profile looks like to someone else, was temporarily turned off on both the Facebook mobile application and the desktop site. At the moment, the full extent of the attack, as well as who was behind it, remains unknown.
“We have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a ‘View As’ look-up in the last year,” Rosen went on to say.
However, what makes things worse for Zuckerberg and Facebook, which are still dealing with the fallout from the Cambridge Analytica scandal, is the potential fine of up to $1.6 billion that EU regulators could impose under the new General Data Protection Regulation (GDPR).
“Under GDPR, companies that don’t do enough to safeguard their users’ data risk a maximum fine of €20 million ($23 million), or 4% of a firm’s global annual revenue for the prior year, whichever is higher. Facebook’s maximum fine would be $1.63 billion using the larger calculation.
The law also requires companies to notify regulators of breaches within 72 hours, under threat of a maximum fine of 2% of worldwide revenue,” the Wall Street Journal reported.
Aside from the fine, there is concern that the attackers could have used the stolen tokens not only against Facebook itself but against any third-party service the affected users sign in to with Facebook Login, such as Tinder, Spotify, and Airbnb. A Facebook access token is a bearer credential: whoever holds it can act as that user wherever the token is accepted, which is why the remediation is to invalidate the tokens on Facebook's side rather than to ask users for new passwords.
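The two security-relevant mechanisms in this story, a stolen bearer token being presented to a third-party app that uses Facebook Login, and the issuer-side token reset Rosen describes, are easiest to see in a small model. The example below is added here and is not Facebook's code: the `Issuer`, `RelyingApp`, user names, app ids, timestamps and the View As audit log are all constructed for the illustration. The `me()` and `debug_token()` methods loosely mirror the shape of Facebook's `/me` and `/debug_token` Graph API responses but are simplified stand-ins, not the real API. The point it demonstrates is that a relying app which accepts any valid user token (`login_naive`) lets a token stolen from the first-party app walk in, while one that checks the token was minted for its own `app_id` (`login_checked`) does not, and that resetting tokens at the issuer cuts off the stolen token everywhere.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Grant:
    user_id: str
    app_id: str      # client the token was minted for
    issued_at: int   # constructed integer timestamp, not wall-clock time


class Issuer:
    """Identity provider that mints opaque bearer tokens (stand-in for Facebook)."""
    FIRST_PARTY = "facebook_mobile"   # constructed app id for the first-party app

    def __init__(self):
        self._tokens = {}        # opaque token string -> Grant
        self.view_as_log = []    # (viewed user_id, timestamp); constructed audit log

    def mint(self, user_id, app_id, now):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = Grant(user_id, app_id, now)
        return token

    def me(self, token):
        """Roughly like GET /me: returns the identity behind *any* live token."""
        grant = self._tokens.get(token)
        return {"id": grant.user_id} if grant else None

    def debug_token(self, token):
        """Roughly like GET /debug_token: also reports which app the token was minted for."""
        grant = self._tokens.get(token)
        if grant is None:
            return {"is_valid": False}
        return {"is_valid": True, "user_id": grant.user_id, "app_id": grant.app_id}

    def reset_tokens_for(self, user_ids):
        """Issuer-side reset: every token belonging to the listed users stops working."""
        doomed = [t for t, g in self._tokens.items() if g.user_id in user_ids]
        for t in doomed:
            del self._tokens[t]
        return len(doomed)

    def view_as_targets_since(self, since):
        """Users whose profile was looked up through View As on or after `since`."""
        return {uid for uid, ts in self.view_as_log if ts >= since}


class RelyingApp:
    """Third-party app offering 'Log in with Facebook' (constructed)."""

    def __init__(self, issuer, app_id):
        self.issuer = issuer
        self.app_id = app_id

    def login_naive(self, token):
        # Trusts any token that resolves to a user, so a token stolen from the
        # first-party app is accepted as that user.
        ident = self.issuer.me(token)
        return ident["id"] if ident else None

    def login_checked(self, token):
        # Only trusts a token the issuer says was minted for THIS app.
        info = self.issuer.debug_token(token)
        if not info["is_valid"] or info["app_id"] != self.app_id:
            return None
        return info["user_id"]


def run_scenario():
    fb = Issuer()
    dating_app = RelyingApp(fb, "dating_app")
    # Constructed timeline: three users hold first-party tokens; bob's profile
    # was viewed through View As earlier in the year; carol's never was.
    alice_tok = fb.mint("alice", Issuer.FIRST_PARTY, now=1000)
    bob_tok = fb.mint("bob", Issuer.FIRST_PARTY, now=1000)
    carol_tok = fb.mint("carol", Issuer.FIRST_PARTY, now=1000)
    fb.view_as_log.append(("bob", 900))
    stolen = alice_tok   # the attacker needs nothing but the token string

    results = {}
    results["naive_accepts_stolen"] = dating_app.login_naive(stolen) == "alice"
    results["checked_rejects_stolen"] = dating_app.login_checked(stolen) is None
    legit = fb.mint("alice", "dating_app", now=1001)   # token minted for the app itself
    results["checked_accepts_own_token"] = dating_app.login_checked(legit) == "alice"

    # Issuer response: reset known victims plus everyone looked up via View As
    # in the last 365 (constructed) time units, as a precaution.
    known_victims = {"alice"}
    precautionary = fb.view_as_targets_since(since=1000 - 365)
    results["reset_count"] = fb.reset_tokens_for(known_victims | precautionary)
    results["naive_rejects_after_reset"] = dating_app.login_naive(stolen) is None
    results["bob_logged_out"] = fb.me(bob_tok) is None
    results["carol_still_valid"] = fb.me(carol_tok) is not None
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

The reset removes three tokens in this run (alice's first-party token, alice's token for the dating app, and bob's precautionary reset) while carol, who was never looked up through View As, stays logged in. Note that the `app_id` check only protects apps that perform it; the issuer-side reset is what protects users of apps that do not.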
“People’s privacy and security are incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened,” Rosen further said.